Re: [DNSOP] AS112 for TLDs

2008-04-06 Thread Florian Weimer
* Mark Andrews: There really is only one solution to preventing bogus traffic reaching the root servers and that is to run a local copy of the root zone. Or sign the root and use aggressive negative caching (which is currently prohibited by the RFCs, I'm told). I agree that

Re: [DNSOP] AS112 for TLDs

2008-04-06 Thread Florian Weimer
* Joe Baptista: I agree that information leakage is a problem. Curiously enough, no root server or TLD operators that I know of have published some sort of privacy statement that underlines how they deal with this issue. They are not the ones generating this traffic. It's users as they cross

Re: [DNSOP] AS112 for TLDs

2008-04-06 Thread Joe Baptista
On Sun, Apr 6, 2008 at 9:15 AM, Florian Weimer [EMAIL PROTECTED] wrote: It means that everybody who can make a BGP announcement can legitimately hijack DNS traffic to those TLDs. Is this really what we want? That's an AS112 security issue. Are they to be trusted? Maybe? Maybe not. AS112